Is a random Windows update safe to install?
January 13, 2004 6:26 PM

I just got another Windoze update. After ignoring them for all these years, I got "Blasted" in August, so have started downloading and accepting them all ever since. This one, from Tech Bulletin MS04-003, says the vulnerability is a "Buffer Overrun in MDAC Function Could Allow Code Execution (832483)." I want to know, before I install this one, is it necessary? Is it always/ever safe to trust Microsoft?
posted by Lynsey to Computers & Internet (12 answers total)
If it's a critical update, yes, install it. It's critical for a reason.
posted by riffola at 6:35 PM on January 13, 2004

Well, after the initial trust of installing and running their operating system, you should keep on trusting them to fix its numerous gaping security flaws, I guess. Whether you should trust their OS at all might be a different question.
posted by rhyax at 6:42 PM on January 13, 2004

oh for god's sake... no you can't trust microsoft. don't install it.
i mean it only allows someone to execute code on your machine via a buffer overrun in mdac function -- bwahaha big deal, not important. i mean wtf has mdac got to do with me?? i'm l33t. i know my windoze from my blixens. do not trust microsoft. they wrote your operating system, but who knows, maybe that's a virus too. next time you get.. hehe.. blasted don't forget all the other people who are suffering because of your ignorance.
posted by carfilhiot at 6:45 PM on January 13, 2004

I totally agree with rhyax - you can think of critical updates in a similar fashion to car recalls. If you purchase a new car, and the airbags or tires get recalled, you're not going to ask yourself "do I trust the car company or are they just jerking my chain?" You know it's in your best interest to go through with the recall.

Except with Windows it's not difficult, doesn't cost you a dime, and does cost Microsoft quite a bit for development of the patch, keeping the windowsupdate site current, and bandwidth to your computer.

If you don't trust Nissan, don't buy one. If you don't trust MS, don't buy a Windows box. But do your freaking updates/recalls if you do.
posted by woil at 7:03 PM on January 13, 2004

Response by poster: Ya know, I recall reading right here in AskMe that some folks had troubles with their Windoze machines after installing critical updates. Maybe I should have asked if anyone knew of any reason not to install the latest one, so as to not offend carfilhiot, anyway. Thanks to everyone else who answered.
posted by Lynsey at 7:11 PM on January 13, 2004

BigFix gets you all your updates in one place, more conveniently and more comprehensively than Microsoft's own software update feature. It's free for personal use.
posted by kindall at 7:15 PM on January 13, 2004

carfillwhatsit: Ask MetaFilter is as useful as you make it. Please limit comments to answers or help in finding an answer. Wisecracks don't help people find answers. Thanks.

It's never really safe to trust Microsoft, but as is said above, you're already running their code in ring 0 so it's a bit late for that. A quick googling doesn't turn up any "holy shit!" problem reports, so the fix is probably benign from a system stability standpoint.
posted by majick at 7:48 PM on January 13, 2004

So far so good with that one on all the boxes at work that I'm responsible for (about 45, including two servers). We haven't seen any problems with it yet.
posted by NsJen at 8:18 PM on January 13, 2004

There is something to be said for not fixing it if it's not broken. I sympathize with your hesitation, as well as the frustration with having to deal with the issue at all. Releasing a broken product and fixing it incrementally for the next 5 years indicates bad core design and weak testing/QA.

You've trusted Gollum this far, but should you really step into that cave?

Bah. All things considered I think you're stuck with him, as others have said already. Hang onto your fingers.
posted by scarabic at 8:34 PM on January 13, 2004

Buffer overrun errors are as serious as it gets and should be fixed immediately... the patch is often later than it should be by the time Microsoft gets it out. Any number of things could be using MDAC on your system.

As the others said, trust Microsoft or get Apple/Linux. If anyone ever compromises their update system you'll be in good company when the world crashes.
posted by tirade at 9:11 PM on January 13, 2004

Unless you are discovering SQL servers on your network, you are safe. I wouldn't bother installing it.
posted by j.edwards at 9:23 PM on January 13, 2004

My two cents, Lynsey: keep up with MS's critical patches BUT wait a few weeks after each is released before downloading and installing. Let the people who rush to download it immediately serve as the final round of beta testing. There have been several MS patches that have gone awry, such as the one (or maybe even SP1) for XP that killed the ability to access the internet once it was installed.
posted by pmurray63 at 9:30 PM on January 13, 2004
